Privacy Policy

This Privacy Policy is designed to comply with all applicable privacy, data protection, and accessibility laws. Because our users may be located in different regions, this section outlines the major legal frameworks governing our collection, use, processing, and retention of personal information.

1. General Data Protection Regulation (GDPR) – EU/EEA & UK GDPR

If you reside in the European Union (EU), the European Economic Area (EEA), or the United Kingdom (UK), your personal data is processed in accordance with:

• EU General Data Protection Regulation (Regulation (EU) 2016/679)

• UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018

Under GDPR, you are entitled to specific rights and protections regarding your personal data. These include:

• Right to access

• Right to rectification

• Right to erasure (“Right to be Forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to processing (including profiling or direct marketing)

• Rights related to automated decision-making

We process personal data only where we have a valid legal basis, including consent, performance of a contract, legitimate interests, legal obligations, or other grounds permitted under GDPR.

If we transfer your data outside of the EU/EEA or UK, we do so using approved safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.

2. California Consumer Privacy Act (CCPA) & California Privacy Rights Act (CPRA)

If you reside in California, you are protected under the:

• California Consumer Privacy Act (CCPA)

• California Privacy Rights Act (CPRA) (amending and expanding CCPA)

These laws require us to disclose:

• The categories of personal information collected

• The purposes for which information is used or shared

• Whether personal information is “sold,” “shared,” or used for targeted advertising

• Your rights to access, delete, correct, and opt-out

• Your right to limit the use of sensitive personal information

• Data retention practices

• Our obligation to honor Global Privacy Control (GPC) signals

As required, we provide California residents with a “Do Not Sell or Share My Personal Information” option and an easy method to exercise all CPRA rights.

3. Virginia Consumer Data Protection Act (VCDPA)

For residents of Virginia, we comply with the:

• Virginia Consumer Data Protection Act (VCDPA)

This law grants you rights including:

• Access, correction, deletion, data portability

• Opt-out of: targeted advertising, sale of personal data, and profiling

• Enhanced protections around sensitive data, requiring consent before processing

We also conduct data protection assessments for activities presenting heightened risk, including targeted advertising or profiling.

4. Other U.S. State Privacy Laws

We comply with all applicable U.S. state privacy laws, including but not limited to:

• Colorado Privacy Act (CPA)

• Connecticut Data Privacy Act (CTDPA)

• Utah Consumer Privacy Act (UCPA)

• Texas Data Privacy and Security Act (TDPSA)

• Oregon Consumer Privacy Act (OCPA)

• Florida Digital Bill of Rights (FDBR)

• Montana & Tennessee Consumer Privacy Acts

• Maryland Online Data Privacy Act (MODPA) – effective Oct 1, 2025

• Indiana Consumer Data Protection Act (INCDPA) – effective Jan 1, 2026

These laws provide rights similar to those above, including the right to access, delete, correct, opt-out of data sales, and obtain information about how personal data is processed.

Where required, we recognize universal opt-out signals and provide state-specific appeal processes if we deny a privacy rights request.

5. Children’s Online Privacy Protection Act (COPPA)

We do not knowingly collect personal information from children under 13 years of age.
If such data is discovered, it is deleted promptly.

For any service that may involve minors, we follow COPPA requirements, which include:

• Verifiable parental consent

• Limited data collection

• Special parental rights for access and deletion

6. Accessibility and Anti-Discrimination Compliance

We ensure this Privacy Policy is accessible under:

• Web Content Accessibility Guidelines (WCAG 2.1)

• Americans with Disabilities Act (ADA) (as interpreted for digital accessibility)

• Section 508 of the Rehabilitation Act (for government-affiliated use cases)

If you need this policy in an alternative accessible format (large print, audio, etc.), please contact us.

We do not discriminate against individuals who exercise their privacy rights under any applicable law.

7. Data Security and Breach Notification Laws

We comply with U.S. federal and state-level breach notification laws, as well as:

• GDPR Articles 32–34 (security and breach notification)

• State-specific cybersecurity requirements

• Industry standards for encryption, secure storage, and data minimization

If a breach occurs that poses a risk to your rights or freedoms, we will notify you and relevant regulators within the legally required time frames.

8. International Data Transfer Laws

When transferring personal data across borders, we comply with:

• GDPR International Transfer Rules

• UK International Data Transfer Regulations (IDTR)

• Standard Contractual Clauses (SCCs)

• Adequacy decisions where applicable

• U.S. State privacy requirements for vendor contracts and cross-border sharing

All transfers are conducted with appropriate safeguards.

9. Emerging & New Legislation Compliance

We continue to monitor and implement requirements from upcoming or newly enacted privacy and data security laws, including:

• California Delete Act (SB 362) – consumer one-stop deletion for data brokers

• New health and reproductive privacy laws (e.g., Virginia SB 754)

• AI-related data protection requirements emerging in various jurisdictions

• Any new federal, state, or international privacy frameworks

• Global Privacy Control (GPC) enforcement expansion

We update our privacy practices regularly to maintain compliance with all evolving privacy standards.